Launchpad.net

CVE 2017-9300

plugins\codec\libflac_plugin.dll in VideoLAN VLC media player 2.2.4 allows remote attackers to cause a denial of service (heap corruption and application crash) or possibly have unspecified other impact via a crafted FLAC file.

Related bugs and status

CVE-2017-9300 (Candidate) is related to these bugs:

Bug #1703754: Force sync vlc 2.2.6-3 from Debian Sid

Summary				In	Importance	Status
	1703754	Force sync vlc 2.2.6-3 from Debian Sid		vlc (Ubuntu)	Undecided	Fix Released

Bug #1709420: [CVE] flac: Fix heap write overflow on frame format change

		In	Importance	Status
1709420	[CVE] flac: Fix heap write overflow on frame format change	vlc (Ubuntu)	Medium	Fix Released
1709420	[CVE] flac: Fix heap write overflow on frame format change	vlc (Ubuntu Zesty)	Undecided	Fix Released
1709420	[CVE] flac: Fix heap write overflow on frame format change	vlc (Ubuntu Trusty)	Undecided	Fix Released
1709420	[CVE] flac: Fix heap write overflow on frame format change	vlc (Ubuntu Xenial)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2017-9300

Related bugs and status

Related bugs

References